Here is more information. On the server that is having this issue, prior to the FIPS_drbg_generate errors (these show up every time that worker pid is selected to serve a request) we have a single OpenSSL error that shows up in the logs.
SSL Library Error: error:2D06A07F: FIPS routines: FIPS_CHECK_EC:pairwise test failed
Once we get that error, every time we try to serve a request in Apache using that pid, it errors out. So, it seems like something randomly corrupts that PID. Can someone provide some information about FIPS_CHECK_EC: pairwise test failed?
Thanks
On Tue, Jan 7, 2020 at 7:21 AM Jerry Blasdel <jblaz2019@xxxxxxxxx> wrote:
I have several servers configured the same, running Apache 2.4X/OpenSSL1.02 fips-enabled.
On one server we periodically get the following errors in the Apache logs: SSL Library Error: error:xxxxxx:FIPS_drbg_generate:selftest failed. In some cases, the server continues to service requests, but in other cases the server hangs and will not process requests until the worker pid receiving the error is killed, or a kill -HUP is issued on the Apache root pid.
I see someone else had a similar issue but I can't find any resolution.
Other information...
We have looked at the entropy on the server when it is working properly vs when it hangs and could not find any big differences.
Also, SSLRandomSeed is configured for startup and connect in Apache.
Any help would be appreciated.
Thanks